Lucene search

[email protected]CVE-2007-3449

HistoryJun 27, 2007 - 12:30 a.m.

CVE-2007-3449

2007-06-2700:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3449

sql injection

6alblog

member.php

remote attackers

arbitrary commands

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

Affected configurations

NVD

Node

gorani_network6alblog

CPENameOperatorVersion
gorani_network:6albloggorani network 6alblogeq*

CPE	Name	Operator	Version
gorani_network:6alblog	gorani network 6alblog	eq	*

References

osvdb.org/37012

secunia.com/advisories/25834

www.securityfocus.com/bid/24630

www.vupen.com/english/advisories/2007/2323

exchange.xforce.ibmcloud.com/vulnerabilities/35048

www.exploit-db.com/exploits/4104

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

Related for CVE-2007-3449

nvd1 cvelist1 prion1